Use better defaults for for ospd-openvas settings

* Make the service file usable for real scenarios * Use better file names for configs * In service file load configs from /etc/gvm
greenbone · Jul 1, 2021 · f631e18 · f631e18
1 parent 0885365
commit f631e18
Show file tree

Hide file tree

Showing 6 changed files with 15 additions and 43 deletions.
diff --git a/config/ospd-openvas.conf b/config/ospd-openvas.conf
@@ -0,0 +1,7 @@
+[OSPD - openvas]
+log_level = INFO
+socket_mode = 0o770
+unix_socket = /run/ospd/ospd-openvas.sock
+pid_file = /run/ospd/ospd-openvas.pid
+log_file = /var/log/gvm/ospd-openvas.log
+lock_file_dir = /var/lib/openvas
diff --git a/config/ospd-openvas.default b/config/ospd-openvas.default
diff --git a/config/ospd-openvas.service b/config/ospd-openvas.service
@@ -1,21 +1,19 @@
 [Unit]
-Description=OpenVAS Wrapper of the Greenbone Vulnerability Management (ospd-openvas)
+Description=OSPd Wrapper for the OpenVAS Scanner (ospd-openvas)
 Documentation=man:ospd-openvas(8) man:openvas(8)
 After=network.target networking.service redis-server@openvas.service
 Wants=redis-server@openvas.service
 ConditionKernelCommandLine=!recovery
 
 [Service]
 Type=forking
-EnvironmentFile=<install-prefix>/etc/default/ospd-openvas.default
-Environment="PATH=$PATH"
-Environment="PYTHONPATH=$PYTHONPATH"
-User=$OSPD_OPENVAS_USER
-Group=$OSPD_OPENVAS_GROUP
-PIDFile=$OSPD_OPENVAS_PID
-ExecStart=<install-prefix>/bin/ospd-openvas $OSPD_OPENVAS_ARGS
+User=gvm
+Group=gvm
+RuntimeDirectory=ospd
+RuntimeDirectoryMode=2775
+PIDFile=/run/ospd/ospd-openvas.pid
+ExecStart=/usr/local/bin/ospd-openvas --config /etc/gvm/ospd-openvas.conf --log-config /etc/gvm/ospd-logging.conf
 SuccessExitStatus=SIGKILL
-# This works asynchronously, but does not take the daemon down during the reload so it's ok.
 Restart=always
 RestartSec=60
 

diff --git a/config/ospd.conf b/config/ospd.conf
diff --git a/ospd_openvas/daemon.py b/ospd_openvas/daemon.py
@@ -438,7 +438,7 @@ class OSPDopenvas(OSPDaemon):
     """ Class for ospd-openvas daemon. """
 
     def __init__(
-        self, *, niceness=None, lock_file_dir='/var/run/ospd', **kwargs
+        self, *, niceness=None, lock_file_dir='/var/lib/openvas', **kwargs
     ):
         """ Initializes the ospd-openvas daemon's internal data. """
         self.main_db = MainDB()

diff --git a/pyproject.toml b/pyproject.toml
@@ -32,7 +32,6 @@ keywords = [
 packages = [
   { include = "ospd_openvas"},
   { include = "docs/ospd-openvas.8", format = "sdist"},
-  { include = "config/ospd-openvas.default", format = "sdist"},
   { include = "config/ospd-openvas.service", format = "sdist"},
   { include = "config/ospd.conf", format = "sdist"},
   { include = "tests", format = "sdist" },